A story by John Markoff in the New York Times has more details about the December 2009 cyber attacks from China. It says that the source code to "Gaia", Google's password authentication system, was one of the targets. http://www.nytimes.com/2010/04/20/technology/20google.html?src=busln

Why is revealing the source code a problem? Does it rely on security through obscurity rather than sound authentication technology? Is it bug laden? Is it too complicated?

Blogoscoped's earlier discussion of attack: http://blogoscoped.com/archive/2010-01-13-n51.html

It's a good article.
There is a important remark in it :
<< “If you can get to the software repository where the bugs are housed before they are patched, that’s the pot of gold at the end of the rainbow,” said George Kurtz >>